Wireshark-bugs: [Wireshark-bugs] [Bug 9782] New: TCP Reassembly Failed
Date: Mon, 17 Feb 2014 09:25:07 +0000
Bug ID | 9782 |
---|---|
Summary | TCP Reassembly Failed |
Classification | Unclassified |
Product | Wireshark |
Version | 1.11.x (Experimental) |
Hardware | x86-64 |
OS | All |
Status | UNCONFIRMED |
Severity | Major |
Priority | Low |
Component | Dissection engine (libwireshark) |
Assignee | bugzilla-admin@wireshark.org |
Reporter | andrew.rukavishnikov@gmail.com |
Created attachment 12566 [details] Sample dump file. Build Information: *** note: also tested on ubuntu with 1.10.6 *** Version 1.11.3 (wireshark-1.11.3-rc1-1625-g337b2f7-dirty from master) Copyright 1998-2014 Gerald Combs <gerald@wireshark.org> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled (64-bit) with GTK+ 2.24.14, with Cairo 1.10.2, with Pango 1.30.1, with GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.1, without Python, with GnuTLS 2.12.18, with Gcrypt 1.4.6, without Kerberos, with GeoIP, with PortAudio V19-devel (built Feb 12 2014), with AirPcap. Running on 64-bit Windows 8.1, build 9600, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap. Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz, with 12279MB of physical memory. Built using Microsoft Visual C++ 12.0 build 21005 Wireshark is Open Source Software released under the GNU General Public License. Check the man page and http://www.wireshark.org for more information. -- The TCP reassembly functionality failed when dissected data passed for subsequent dissection to eth or frame dissector. But works when passed to data dissector. If you use sample lua dissector below on attached capture file, you can see than frame #3 missing one chunk of stream data and reassembly information. This breaks future dissection. However if you change sample dissector to process dissected data using only data dissector, the frame #3 contain reassembly information and lost data. ---------------------- START SAMPLE DISSECTOR ----------------------------- do local p_simplex = Proto("simplex", "SimplexProto"); local f_type = ProtoField.uint16("simplex.type", "Type", base.HEX, {[0x0080] = "Ethernet"}) local f_length = ProtoField.uint16("simplex.length", "Length", base.DEC) local f_data = ProtoField.bytes("simplex.data", "Data") p_simplex.fields = {f_type, f_length, f_data} local data_dis = Dissector.get("data") local eth_dis = Dissector.get("eth") local function simplex_common(tvb, pinfo, tree, offset) local type = tvb(offset + 0, 2):uint() local length = tvb(offset + 2, 2):uint() local l_tree = tree:add(p_simplex, tvb(offset + 0, length + 4)) l_tree:add(f_type, tvb(offset + 0, 2)) l_tree:add(f_length, tvb(offset + 2, 2)) l_tree:add(f_data, tvb(offset + 4, length)) -- data_dis:call(tvb(offset + 4, length):tvb(), pinfo, tree) eth_dis:call(tvb(offset + 4, length):tvb(), pinfo, tree) end function p_simplex.dissector(tvb, pinfo, tree) local processed = 0; local reported = tvb:reported_len() debug(">>> dissector(" .. pinfo.number .. "): reported=" .. reported) while processed < reported do local available = reported - processed if available < 4 then warn("!!! dissector(" .. pinfo.number .. "): REQUEST_DESEGMENT") pinfo.desegment_offset = processed; pinfo.desegment_len = required - available; break end if tvb(processed, 2):uint() ~= 0x0080 then warn("!!! dissector(" .. pinfo.number .. "): BROKEN_STREAM") break; end local required = tvb(processed + 2, 2):uint() + 4; info("*** dissector(" .. pinfo.number .. "): available=" .. available .. " required=" .. required) if available < required then warn("!!! dissector(" .. pinfo.number .. "): REQUEST_DESEGMENT") pinfo.desegment_offset = processed; pinfo.desegment_len = required - available; break end simplex_common(tvb, pinfo, tree, processed) processed = processed + required end debug("<<< dissector(" .. pinfo.number .. "): processed=" .. processed) return processed; end local tcp_encap_table = DissectorTable.get("tcp.port") tcp_encap_table:add(22222, p_simplex) end ---------------------- END SAMPLE DISSECTOR -----------------------------
You are receiving this mail because:
- You are watching all bug changes.
- Prev by Date: [Wireshark-bugs] [Bug 9781] New: Add column for capture interface name and interface description
- Next by Date: [Wireshark-bugs] [Bug 9781] Add fields for capture interface name and interface description
- Previous by thread: [Wireshark-bugs] [Bug 9781] Add fields for capture interface name and interface description
- Next by thread: [Wireshark-bugs] [Bug 9520] Add RFC 6514 support to BGP dissector
- Index(es):